SE Labs introduces penalty shootout

SE Labs has introduced an interesting enhancement to its endpoint protection test methodology. While the company has always included targeted attacks in these tests, it has now introduced what it calls ‘attack chain scoring’. In other words, whereas previously the product under test received a scoring penalty for a breach that didn’t take into account how deeply the tester had penetrated into the system, there are now additional penalties where the attack gains more access, for example privilege escalation. This means that there is now a range of penalty scores between -1 and -5, depending on the severity of the breach.